Malware, in all of its various forms, continues to evolve and expand at an ever-increasing rate. One fairly recent form of malware, known as ransomware, attempts to restrict or prevent access to valuable data until the system owner pays or otherwise satisfies a ransom. For example, the ransomware known as CryptoLocker encrypts data files until the system owner pays a monetary ransom. Another recent form of malware, known as targeted threats (also referred to as advanced persistent threats (APTs)), includes custom malware designed to target a specific entity. For example, targeted threats may target sensitive data, thereby causing monetary and reputational damage to affected organizations. Targeted threats may also be designed to destroy valuable data or sabotage computer-controlled systems.
Unfortunately, many of these newer forms of malware may not be detected until after the resulting damage has occurred. For example, since targeted threats may be custom-designed for a specific entity, malware scanners and reputation services may not encounter or discover a particular targeted threat until after it reaches and infects a targeted system. Similarly, ransomware and other forms of malware may evade detection by being polymorphic, meaning the malware's executable file is modified somewhat each time it replicates, so that signature-based scanners do not recognize the new copy.
By avoiding detection, malware may be able to successfully destroy, modify, or encrypt data files, or even deploy additional malware. At this point, system administrators may be left trying to determine the extent of the damage, restore data from backups, and/or rebuild or reimage damaged systems. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for remediating the effects of malware.